Sentient Enclaves Framework

Welcome to the Sentient Enclaves Framework. The framework provides end-to-end infrastructure for building confidential AI applications using TEEs.

List of Contents 📚

Overview 🔍

Trusted Execution Environments (TEEs, also known as Confidential Computing Environments) are a hardware-based security mechanism that allows code to execute securely in a protected environment (a hardware-isolated memory region). TEEs are designed to provide a secure, isolated execution environment for applications that handle sensitive data (data sets), such as AI models, by ensuring that the code and data are protected from unauthorized external access. This framework provides a comprehensive infrastructure for building confidential AI applications on top of AWS Nitro Enclaves. It enables the creation of confidential enclaves that are isolated from both the host machine and the operator's (cloud provider's) infrastructure.

Features 🔥

  • Seamlessly set up and deploy confidential AI applications in TEEs 🚀
  • Generate reproducible builds and verifiable build hashes for the enclave image and applications 🔐
  • Access internet services from inside the isolated enclave using forward proxies 🔌
  • Deploy internet-facing applications inside the enclave using reverse proxies 🌐

Framework Components 🏗️

Creating confidential AI applications requires a set of infrastructure components. The framework abstracts these components away from the developer, providing a simple interface for building confidential AI applications. The framework provides the following components:

Component | Description | Functionality | Documentation
--- | --- | --- | ---
pipeline | Implementation of a binary protocol over vsock for interacting with the enclave | Controls enclave execution and enables bi-directional file transfers | Details
rbuilds.sh | Script utilising a set of components for building reproducible enclave images | Enables byte-level reproducibility for enclave images and streamlines the build process | Details
pf-proxy | Transparent vsock proxies for internet-enabled applications | Provides full networking stack support, enabling outbound TCP connections using forward proxies and inbound TCP connections using reverse proxies for enclaves | Details

Project Diagram:

Figure 1: Overall framework architecture and the interactions between components

Note: More details about these components, and about other framework components that are under development, can be found in the Detailed project reference README.

Getting Started 🚀

Building the components

Prerequisites 📋

Building core components of the framework 🛠️

Building the core components of the framework is done using the rbuilds.sh script. This script simplifies the process of building the components and handles all the dependencies. Exact steps are available in the BUILDING.md file.

Building and running apps ⚡

Once the core components are built, the apps can be built and run using the rbuilds.sh script. The reference_apps directory contains example applications that use the framework. Each reference application has the following structure:

reference_apps/
├── reference_app_name : Name of the reference application
│   ├── reference_app_name.dockerfile : Template Dockerfile for building the application with the dependencies it needs to run inside the enclave
│   ├── TEE_rbuilds_setup.md : Application setup guide for building and running the application using rbuilds.sh
│   └── TEE_setup.md : Legacy setup guide

To run any of the reference applications, the steps outlined in the respective TEE_rbuilds_setup.md should be followed.

Directory Structure 📁

The project follows the directory structure given below:

sentient-enclaves-framework/
├── pipeline : Source code for the pipeline component for interacting with enclaves
├── pf-proxy : Source code for the transparent vsock proxies for internet-enabled applications
├── rbuilds
│   ├── *.dockerfile : Dockerfiles used for the different stages of building enclave images
│   └── rbuilds.sh : Script for building reproducible enclave images
├── rbuilds.legacy : Legacy build system for building enclave images. Currently not used.
├── reference_apps : Reference applications that use the framework
│   ├── fingerprinting_server : A model fingerprinting server that fingerprints models using the OML fingerprinting library
│   ├── inference_server : An inference server that runs local model inference
│   └── X_Agent : A reference agent that interacts with X users
├── web-ra : Web server for remote attestation of enclaves (WIP)
└── docs : Detailed documentation for the framework and its components

Contributing 🤝

Important: Contributions are welcome! Contribution guidelines will soon be available.

License 📝

This project is licensed under the Apache 2.0 License.